Re: [PATCH v2] sparc64: Add support for Application Data Integrity (ADI)

From: David Miller
Date: Mon Mar 07 2016 - 14:23:01 EST


From: Andy Lutomirski <luto@xxxxxxxxxxxxxx>
Date: Mon, 7 Mar 2016 10:53:23 -0800

> x86 has an upcoming feature called protection keys. A page of virtual
> memory has a protection key, which is a number from 0 through 16. The
> master copy is in the PTE, i.e. page table entry, which is a
> software-managed data structure in memory and is exactly the thing
> that Linux calls "pte". The processor can cache that value in the TLB
> (translation lookaside buffer), which is a hardware cache that caches
> PTEs. On access to a page of virtual memory, the processor does a
> certain calculation involving a new register called PKRU and the
> protection key and may deny access.

ADI is similar, except the "keys" (or "tags") are stored externally
rather than in the PTEs. A bit in the PTE is used to enable tag match
checking.

The tags live in an external table, which is populated by ASI store
instructions. The location of the table is implementation-specific;
it could be hypervisor or CPU managed, but if stored in memory it is
in a region of memory accessible only to the hypervisor at best.

Khalid, maybe you should share notes with the folks working on x86
protection keys.
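
An added example, not part of the original message or the patch: a simplified C model contrasting the two checks described above, a key held in the PTE and filtered through PKRU versus a PTE enable bit plus an external tag table. The struct layouts, the 4-bit key and tag widths, the 64-byte tag granularity, the tag being carried in the top four address bits, and all function names are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdint.h>

/* Simplified models for illustration only. Layouts and names are
 * assumptions, not the kernel's or the patch's data structures. */

/* x86 protection keys: the key lives in the PTE; PKRU holds two bits per
 * key: access-disable (AD, bit 2k) and write-disable (WD, bit 2k+1). */
struct pte_pkey { unsigned key; };      /* hypothetical view of the PTE */

static bool pkey_access_ok(struct pte_pkey pte, uint32_t pkru, bool is_write)
{
    uint32_t bits = (pkru >> (2 * (pte.key & 0xf))) & 0x3;
    if (bits & 0x1)                     /* AD set: no data access at all */
        return false;
    if (is_write && (bits & 0x2))       /* WD set: reads pass, writes fail */
        return false;
    return true;
}

/* ADI: the PTE carries only an enable bit; the tags sit in a separate
 * table, modelled here as a small array indexed by block number. */
#define ADI_BLOCK 64u   /* assumed tag granularity in bytes */
#define ADI_SHIFT 60    /* assumed: tag carried in the top 4 address bits */
#define N_BLOCKS  8u

struct pte_adi { bool tag_check; };     /* hypothetical view of the PTE */
static uint8_t tag_table[N_BLOCKS];     /* stands in for the external table */

/* Stands in for the ASI store that populates the tag table. */
static void adi_set_tag(uint64_t addr, uint8_t tag)
{
    tag_table[(addr / ADI_BLOCK) % N_BLOCKS] = tag & 0xf;
}

static bool adi_access_ok(struct pte_adi pte, uint64_t tagged_addr)
{
    if (!pte.tag_check)                 /* PTE bit clear: no tag matching */
        return true;
    uint64_t addr = tagged_addr & ((1ULL << ADI_SHIFT) - 1);
    uint8_t ptr_tag = (uint8_t)(tagged_addr >> ADI_SHIFT);
    return tag_table[(addr / ADI_BLOCK) % N_BLOCKS] == ptr_tag;
}
```

In the first model a single register write changes the rights for every page carrying a given key, while in the second the check is per block and depends on the tag presented with each access.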